Hi Everyone, I plan to enhance my home (private) network configuration. I'm not sure of which hardware to choose, that's why I'm turning to you, the CISCO community. The final configuration will be as follow: - 1 connection to the ISP (Internet) with 1 single public, dynamic IP address at disposal (DHCP, the IP address may change over the time). This is fix, I cannot change this. - 1 private subnet for all PCs, tablets and smartphones, could be separated in 2 subnets in the future - 1 DMZ with the possibility to connect more than one server. - The DMZ subnet is different from the private subnet - 1 router/FW - 1 Wifi access Point (separated hardware through PoE) To me, the router/FW must perform the following: 1. NAT between ISP and private subnet 2. NAT between ISP and DMZ subnet 3. DHCP server for private subnet 4. optional: DHCP for DMZ 5. "Fix DHCP": IP address reservation through MAC Address on private subnet, optional on DMZ subnet 6. DDNS support 7. allows communication from private subnet to ISP 8. allows communication from private subnet to DMZ 9. Deny communication from ISP to private subnet 10. Deny communication from DMZ to private subnet 11. allows communication from ISP to DMZ but only for some services (e.g.: http, ftp, self defined port,...) My idea is to buy one CISCO RV260P router. My questions are: - does the RV260P router fulfil the needs? I think points 1,3,5,6 above are ok, I don't know for the others. - should I use the "hardware DMZ" functionality or should I define 2 VLANS, one for the private subnet and one for the DMZ subnet + defining ACL in the FW section? - Any other suggestion? - more generally, what is the "Inter-VLAN routing" option when defining VLANS? If enabled, does it allow communication between PCs one both VLANS or is it something else? I thank you in advance for your support. Sincerely, Manuel
... View more